vendor:
phpAdsNew, OpenAds, OpenX
by:
Not available
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: phpAdsNew, OpenAds, OpenX
Affected Version From: Not available
Affected Version To: Not available
Patch Exists: NO
Related CWE: Not available
CPE: Not available
Platforms Tested: Not available
2010
Cross-Site Scripting Vulnerability in Multiple Products
The applications fail to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can be used to steal authentication credentials and launch further attacks.
Mitigation:
Developers should properly sanitize user-supplied input to prevent XSS vulnerabilities. Input validation and output encoding can be used to mitigate the risk.